The present disclosure generally relates to security in application servers, and more particularly to controlling access by a service deployed on an application server to a target service.
An application server is software that provides services to applications or other services deployed on the application server. Applications deployed on an application server may have different needs or dependencies and may use the dependencies in different ways. In the JAVA programming language, it may be difficult to create restrictions on how certain applications deployed on an application server behave. For example, a JAVA application starts with privileges of the user who started it, and the JAVA application can exploit these privileges. Clearly defined dependencies may provide better control over how applications behave. For example, the module mechanism in JBOSS Application Server can achieve this. One of the original reasons for a module system is to allow different versions of a dependency to be used simultaneously by different applications deployed on the application server. The administrator may use this module mechanism to restrict an application or service from using particular services. Even with this module mechanism, however, problems still exist.
A service may have legitimate access (has dependencies) to libraries that access a relational database because, for example, the service stores its messages into the relational database. Typically, when an application is deployed on an application server, the application may access any service (e.g., database) that is coupled to or deployed on the application server. Unfortunately, a security problem may exist because the service may exploit this database library dependency and access any database coupled to the application server, potentially causing damage. The access may be a malicious access or a scenario in which an administrator of the application server mistakenly accesses a different database than intended.